Unfortunately, healthcare organizations are more likely to pay a ransom because their records are essential for patient care, making them a prime target for cyber-attacks.
Experts found it can take only a few seconds to get into a patient’s health record. Additionally, threat actors may receive up to $1,000 for it, making it a lucrative record to buy. The dark web revealed an entire healthcare organization had a price tag of $10 million.
Many healthcare organizations continue to operate without an incident response (IR) plan despite the increase in cyber threats and 3.4 billion phishing emails sent daily.
Forty-two percent of healthcare organizations do not have an incident response plan due to a lack of knowledge and staff to implement the entire framework, according to a report by Shred-it.
The remaining 58 percent of healthcare organizations most likely have an outdated or untested IR plan.
When an incident occurs (depending on the severity), an organization may experience significant downtime, meaning their key operating systems are crippled. Incidents prevent healthcare workers from accessing vital data to provide critical patient care.
In 2021, 2,032 medical organizations experienced a ransomware attack that impacted 19.76 million patient records and cost almost $7.8 billion in downtime, according to Comparitech.
The amount of downtime can be decreased significantly with an effective IR plan.
Not only does an IR plan reduce downtime, but it also provides an organized approach to quickly respond and restore your organization's operations during an incident.
But note: incident response plans are not "one and done." IR plans require regular testing and revision, as part of a continuous improvement program, to keep protecting patients and organizations.
Once a healthcare organization has recovered from an incident, it is important to conduct a "post-mortem" or "lessons learned" exercise with the incident response team and other key stakeholders.
A post-incident exercise allows teams to identify strengths and weaknesses within their incident response plan and evaluate areas of opportunity. It is an effective way to improve processes, revise communication plans, and update external business partners.
You can use the following questions as a guideline to conduct the post-incident discussion:
Gathering the above information should lead to a revised IR plan that has:
In a nutshell, healthcare is a hotspot for threat actors targeting valuable patient records. Shockingly, almost half of these organizations are flying blind without solid incident response plans, risking major disruptions and costs in the event of an incident. Time for a reality check: develop an incident response plan, test it, and update it regularly to avoid costly downtime and regulatory penalties.
If you are looking to develop, revise, or test your incident response plan, contact PacketWatch. Our advisory services team is ready to help organizations like yours close security and compliance gaps.
Sheri Garver has nearly two decades of professional accreditation and compliance background. She is the Senior Advisor of Regulatory Compliance for PacketWatch, a premier cybersecurity firm in Scottsdale, Arizona.
If you need help with your compliance or accreditation programs, please contact PacketWatch so we can discuss how we can help your organization meet and exceed its compliance goals.